Tres Finocchiaro spake unto us the following wisdom:
> And similarly, if your argument, that all passwords must be difficult to
> type and must be near impossible to read over the shoulder or else they are
> REALLY BAD, which in turn makes the user STUPID seems naive and ignorant to
> any basic practical, efficient, easy to remember methods of memorization.
I didn't call anyone stupid. Pay attention. Your argument here is still wrong and bogus.

> The password:
>
> "Eth@ngoesoutofh1swaytocr3ategreatpasswords!"

You're not going to be able to memorize this in just a second or two looking over someone's shoulder, either. It's hard to parse English sentences without spacing, your brain is going to replace the changed letters automatically, etc. -- so you're going to have to spend a second to memorize and get it right to use it later.

Now, you're correct that the base64 of *that* is much harder to memorize, but ... who cares? What are you protecting against? Now you're just throwing straw men up.

I'm going to leave off your whole rant about doing passwords "right" or "wrong". I don't care how you choose your password. If it's a good password, it's going to be hard for a third party to memorize in a glimpse. It's also going to be hard to memorize in base64, but all you've done is tricked naive users into thinking their accounts.xml is "safe" and letting Mallory stare at it as long as he wants.

You're on the losing end of this argument. The right solution to this problem is a password manager, not bogus obfuscation. We're LONG overdue for a password manager, but bickering about base64 on the mailing list isn't going to make that happen.

Ethan